Refactor requires login logic, reduce duplicate code

This also corrects the positioning in the chain of the check
and removes misuse of prepend_before_action

app/controllers/application_controller.rb

@@ -48,8 +48,9 @@ class ApplicationController < ActionController::Base
   before_action :set_mobile_view
   before_action :block_if_readonly_mode
   before_action :authorize_mini_profiler
-  before_action :preload_json
   before_action :redirect_to_login_if_required
+  before_action :block_if_requires_login
+  before_action :preload_json
   before_action :check_xhr
   after_action  :add_readonly_header
   after_action  :perform_refresh_session
@@ -570,6 +571,28 @@ class ApplicationController < ActionController::Base
       raise RenderEmpty.new unless ((request.format && request.format.json?) || request.xhr?)
     end
 
+    def self.requires_login(arg = {})
+      @requires_login_arg = arg
+    end
+
+    def self.requires_login_arg
+      @requires_login_arg
+    end
+
+    def block_if_requires_login
+      if arg = self.class.requires_login_arg
+        check =
+          if except = arg[:except]
+            !except.include?(action_name.to_sym)
+          elsif only = arg[:only]
+            only.include?(action_name.to_sym)
+          else
+            true
+          end
+        ensure_logged_in if check
+      end
+    end
+
     def ensure_logged_in
       raise Discourse::NotLoggedIn.new unless current_user.present?
     end